<!DOCTYPE html>
<html>

<head>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
	<meta name="theme-color" content="#33474d">
	<title>Samba服务器（多用户组、多用户有不同的访问权限） | 失落的乐章</title>
	<link rel="stylesheet" href="/css/style.css" />
	
      <link rel="alternate" href="/atom.xml" title="失落的乐章" type="application/atom+xml">
    
</head>

<body>

	<header class="header">
		<nav class="header__nav">
			
				<a href="/archives" class="header__link">Archive</a>
			
				<a href="/tags" class="header__link">Tags</a>
			
				<a href="/atom.xml" class="header__link">RSS</a>
			
		</nav>
		<h1 class="header__title"><a href="/">失落的乐章</a></h1>
		<h2 class="header__subtitle">技术面前，永远都是学生。</h2>
	</header>

	<main>
		<article>
	
		<h1>Samba服务器（多用户组、多用户有不同的访问权限）</h1>
	
	<div class="article__infos">
		<span class="article__date">2017-10-12</span><br />
		
		
			<span class="article__tags">
			  	<a class="article__tag-link" href="/tags/Samba/">Samba</a>
			</span>
		
	</div>

	

	
		<ol>
<li><p>首先服务器采用用户验证的方式，每个用户可以访问自己的宿主目录，并且只有该用户能访问宿主目录，并具有完全的权限，而其他人不能看到你的宿主目录。</p>
</li>
<li><p>建立一个caiwu的文件夹，希望caiwu组和lingdao组的人能看到，network02也可以访问，但只有caiwu01有写的权限。</p>
</li>
<li><p>建立一个lindao的目录，只有领导组的人可以访问并读写，还有network02也可以访问，但外人看不到那个目录</p>
</li>
<li><p>建立一个文件交换目录exchange，所有人都能读写，包括guest用户，但每个人不能删除别人的文件。</p>
</li>
<li><p>建立一个公共的只读文件夹public，所有人只读这个文件夹的内容。</p>
</li>
</ol>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;前期的工作</p>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;建立3个组：</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div></pre></td><td class="code"><pre><div class="line">groupadd caiwu</div><div class="line"></div><div class="line">groupadd network</div><div class="line"></div><div class="line">groupadd lingdao</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;添加用户并加入相关的组当中：</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div></pre></td><td class="code"><pre><div class="line">useradd caiwu01 -g caiwu</div><div class="line"></div><div class="line">useradd caiwu02 -g caiwu</div><div class="line"></div><div class="line">useradd network01 -g network</div><div class="line"></div><div class="line">useradd network02 -g network</div><div class="line"></div><div class="line">useradd lingdao01 -g lingdao</div><div class="line"></div><div class="line">useradd lingdao02 -g lingdao</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;然后我们使用smbpasswd -a caiwu01的命令为6个帐户分别添加到samba用户中</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div></pre></td><td class="code"><pre><div class="line">mkdir /home/samba</div><div class="line"></div><div class="line">mkdir /home/samba/caiwu</div><div class="line"></div><div class="line">mkdir /home/samba/lingdao</div><div class="line"></div><div class="line">mkdir /home/samba/exchange</div><div class="line"></div><div class="line">mkdir /home/samba/public</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;为了避免麻烦可以在这里把上面所有的文件夹的权限都设置成777，通过samba灵活的权限管理来设置上面的5点要求。</p>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;以下是smb.conf的配置文件</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div><div class="line">40</div><div class="line">41</div><div class="line">42</div><div class="line">43</div><div class="line">44</div><div class="line">45</div><div class="line">46</div><div class="line">47</div><div class="line">48</div><div class="line">49</div><div class="line">50</div><div class="line">51</div><div class="line">52</div><div class="line">53</div><div class="line">54</div><div class="line">55</div><div class="line">56</div><div class="line">57</div></pre></td><td class="code"><pre><div class="line">[global]</div><div class="line"></div><div class="line">workgroup = bmit </div><div class="line"></div><div class="line"><span class="comment">#我的网络工作组</span></div><div class="line"></div><div class="line">server string = Frank<span class="string">'s Samba File Server</span></div><div class="line"><span class="string"></span></div><div class="line"><span class="string">#我的服务器名描述</span></div><div class="line"><span class="string"></span></div><div class="line"><span class="string">security = user</span></div><div class="line"><span class="string"></span></div><div class="line"><span class="string">#使用用户验证机制</span></div><div class="line"><span class="string"></span></div><div class="line"><span class="string">encrypt passwords = yes</span></div><div class="line"><span class="string">smb passwd file = /etc/samba/smbpasswd</span></div><div class="line"><span class="string">#使用加密密码机制，在win95和winnt使用的是明文</span></div><div class="line"><span class="string"></span></div><div class="line"><span class="string">其他的基本上可以按照默认的来。</span></div><div class="line"><span class="string"></span></div><div class="line"><span class="string">[homes]</span></div><div class="line"><span class="string">comment = Home Directories</span></div><div class="line"><span class="string">browseable = no</span></div><div class="line"><span class="string">writable = yes</span></div><div class="line"><span class="string">valid users = %S</span></div><div class="line"><span class="string">create mode = 0664</span></div><div class="line"><span class="string">directory mode = 0775</span></div><div class="line"><span class="string"></span></div><div class="line"><span class="string">#homes段满足第1条件</span></div><div class="line"><span class="string"></span></div><div class="line"><span class="string">[caiwu]</span></div><div class="line"><span class="string">comment = caiwu</span></div><div class="line"><span class="string">path = /home/samba/caiwu</span></div><div class="line"><span class="string">public = no</span></div><div class="line"><span class="string">valid users = @caiwu,@lingdao,network02</span></div><div class="line"><span class="string">write list = caiwu01</span></div><div class="line"><span class="string">printable = no</span></div><div class="line"><span class="string"></span></div><div class="line"><span class="string">#caiwu段满足我们的第2要求</span></div><div class="line"><span class="string"></span></div><div class="line"><span class="string">[lingdao]</span></div><div class="line"><span class="string">comment = lingdao</span></div><div class="line"><span class="string">path = /home/samba/lingdao</span></div><div class="line"><span class="string">public = no</span></div><div class="line"><span class="string">browseable = no</span></div><div class="line"><span class="string">valid users = @lingdao,network02</span></div><div class="line"><span class="string">printable = no</span></div><div class="line"><span class="string"></span></div><div class="line"><span class="string">#lingdao段能满足我们的第3要求</span></div><div class="line"><span class="string"></span></div><div class="line"><span class="string">[exchage]</span></div><div class="line"><span class="string">comment = Exchange File Directory</span></div><div class="line"><span class="string">path = /home/samba/exchange</span></div><div class="line"><span class="string">public = yes</span></div><div class="line"><span class="string">writable = yes</span></div><div class="line"><span class="string"></span></div><div class="line"><span class="string">#exchange段基本能满足我们的第4要求，但不能满足每个人不能删除别人的文件这个条件，即使里设置了mask也是没用，其实这个条件只要unix设置一个粘着位就行</span></div></pre></td></tr></table></figure>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">chmod -R 1777 /home/samba/exchange</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;注意这里权限是1777，类似的系统目录/tmp也具有相同的权限，这个权限能实现每个人能自由写文件，但不能删除别人的文件这个要求</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div></pre></td><td class="code"><pre><div class="line">[public]</div><div class="line">comment = Read Only Public</div><div class="line">path = /home/samba/public</div><div class="line">public = yes</div><div class="line"><span class="built_in">read</span> only = yes</div><div class="line"></div><div class="line"><span class="comment">#这个public段能满足第5要求。</span></div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;到此为止设置已经能实现共享文件要求，记得重启服务</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line"><span class="comment">#/etc/rc.d/init.d/smb restart</span></div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;如果大家没有winodws，不妨先用samba的cilent端命令来测试一下</p>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;命令的用法举几个例子</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">smbclient -L 服务器ip -N</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;guest帐户查询服务器的samba共享情况，可以检验一下是否lingdao目录时候能被guest帐户看到，应该是看不到的，当然也可以以某个用户的名义查看</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">smbclient -L 服务器ip -U caiwu01</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;系统会提示密码，只要输入smb密码就行。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div></pre></td><td class="code"><pre><div class="line">smbclient //服务器ip/caiwu -U caiwu01</div><div class="line"></div><div class="line"><span class="comment">#以caiwu01用户的名义登录caiwu目录</span></div><div class="line"></div><div class="line">smbmount //服务器ip/caiwu /mnt/caiwu -o username=caiwu01</div><div class="line"></div><div class="line"><span class="comment">#把服务器的财务目录映射到本地的/mnt/caiwu目录。</span></div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;测试</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">smbclient -L //localhost/share</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;或者　</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">smbclient-L \\127.0.0.1 -Umyname</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;这时输入的密码就是你刚才设置的samba密码使用</p>
<ol>
<li>windows用户</li>
</ol>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;在我的电脑地址栏里输入\192.168.1.1访问；也可windows+R输入\192.168.1.1；<br>登录后可以右击映射到本地驱动器。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">net use * /delete</div></pre></td></tr></table></figure>
<ol>
<li>Linux</li>
</ol>
<ul>
<li>使用smbclient</li>
</ul>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line"><span class="comment">#smbclient//192.168.1.1/Normal -U user%passwd</span></div></pre></td></tr></table></figure>
<ul>
<li>挂载到某个目录使用</li>
</ul>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line"><span class="comment">#mkdir/mnt/share</span></div><div class="line"><span class="comment">#mount -o username=youruser,password=passwd //192.168.1.1/Normal  /mnt/share</span></div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;设置开机挂载将如下命令写入/etc/fstab</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">//192.168.1.1/share  /mnt/ml45  cifs  defaults,auto,username=youruser,password=passwd 0 0</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;然后#mount -a</p>

	

	
		<span class="different-posts"><a href="/2017/10/12/Samba/2. Samba服务器（多用户组、多用户有不同的访问权限）/" onclick="window.history.go(-1); return false;">⬅️ Go back </a></span>

	

</article>

	</main>

	<footer class="footer">
	<div class="footer-content">
		
	      <div class="footer__element">
	<p>Hi there, <br />welcome to my Blog glad you found it. Have a look around, will you?</p>
</div>

	    
	      <div class="footer__element">
	<h5>Check out</h5>
	<ul class="footer-links">
		<li class="footer-links__link"><a href="/archives">Archive</a></li>
		
		  <li class="footer-links__link"><a href="/atom.xml">RSS</a></li>
	    
		<li class="footer-links__link"><a href="/about">about page</a></li>
		<li class="footer-links__link"><a href="/tags">Tags</a></li>
		<li class="footer-links__link"><a href="/categories">Categories</a></li>
	</ul>
</div>

	    

		<div class="footer-credit">
			<span>© 2017 失落的乐章 | Powered by <a href="https://hexo.io/">Hexo</a> | Theme <a href="https://github.com/HoverBaum/meilidu-hexo">MeiliDu</a></span>
		</div>

	</div>


</footer>



</body>

</html>
